Webserver logs: "Morfeus F***ing Scanner"

I've just found these accesses in my web server log files:

::ffff:218.38.136.38 109.72.95.175 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner"
::ffff:218.38.136.38 109.72.95.174 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner"

Should I start to worry ? Or is it just a normal attempt to hack my server ? thanks


Solution 1:

It's a scanner looking for vulnerabilities in PHP based websites(reference). Script kiddies use these types of things to scan many many websites. You're not necessarily being singled out.

If you're not running PHP, you have nothing to worry about. If you are, I sure hope you're using secure code.

Solution 2:

It's looking for vulnerabilities, and you can deny it access this way in your config:

$HTTP["useragent"] =~ "^Morfeus" { url.access-deny = ( "" ) }